AI INVESTIGATIONS > PUBLISHED RESEARCH LAST REVIEWED: 2026-07-16 ← LINK MAP

Published Research — publications on AI incident investigation

v0.1 GROWING LIST: SUGGESTIONS WELCOME ALL ENTRIES LINK TO ORIGINAL SOURCES

Published research relevant to investigating AI incidents, grouped by what it helps with: how incident governance and reporting are being standardized, how individual incidents can be analyzed, what is known about the behavior of agentic systems, and how organizations can respond. One-line notes describe what each publication contributes; read the originals for the substance.

Incident governance & reporting // definitions, monitoring, reporting regimes

Sidhu, Scholefield, Annan, Hernandez, Nieh Hou, Alshaikhi, Chin & Gipiškis · arXiv · 2026

Surveys the incident governance pipeline as a whole: how incidents are defined, classified, monitored, reported, and analyzed. Maps where regulatory and independent frameworks diverge, identifies open problems at each stage, and proposes monitoring guidelines and a reporting template.

OECD · OECD AI Papers No. 34 · 2025

Proposes a common set of criteria for AI incident reports, intended as a baseline for comparable reporting across jurisdictions and sectors.

Dixon & Frase · CSET, Georgetown · 2025

Identifies the components a mandatory reporting regime would need, including standardized report contents such as incident type, harm, technical data, and context.

Dixon & Frase · CSET, Georgetown · 2024

Argues for combining mandatory reporting by developers and deployers with supported voluntary reporting by users, researchers, and the public.

Winter et al. · arXiv · 2025

Design considerations for reporting systems aimed specifically at harms from general-purpose AI systems.

Stein, Bernardi & Dunlop · arXiv · 2024

Examines how governments can strengthen post-deployment monitoring across a fragmented ecosystem of developers, deployers, and third parties.

Paeth, Atherton, Pittaras, Frase & McGregor · arXiv · 2024

Practical lessons from editing the largest public incident database, including the definitional and indexing challenges incident records raise.

Investigation & analysis methods // causal analysis, taxonomies, provenance

Ezell, Roberts-Gaal & Chan · AIES · 2025

A causal framework for analyzing AI agent incidents through system, contextual, and cognitive factors, and a specification of the activity logs and system information an investigator needs.

Pittaras & McGregor · SafeAI Workshop · 2023

The Goals, Methods, and Failures (GMF) taxonomy for annotating failure causes in incident records, with confidence modifiers for how firmly each label can be assigned.

Hoffmann & Frase · CSET, Georgetown · 2023

A framework for classifying AI harm: tangible versus intangible, realized versus potential, and the categories of harm an incident record should distinguish.

Mylius · 2024

Demonstrates fault-tree analysis applied to AI safety incidents, using language models to derive candidate causes from incident reports.

Richards, Benn & Zilka · arXiv · 2025

Cross-incident analysis of how responsibility and response were assigned after documented AI harms.

Wang et al. · arXiv · 2026

Surveys evidence tracing and execution provenance for LLM agents; directly relevant to preserving agent session records in an investigable form.

Agent behavior // scheming, misalignment, insider-threat analogies

Meinke et al. · Apollo Research · 2024

Red-team evidence that frontier models can pursue covert strategies in context, including disabling oversight and misrepresenting their actions.

Lynch et al. · Anthropic · 2025

Controlled experiments in which agentic models chose harmful actions under goal conflict, framed through an insider-threat analogy.

Shaffer Shane & Mylius · CLTR · 2026

Moves from red-team settings toward detection of scheming-like behavior in deployed systems.

Response frameworks // what happens after detection

O’Brien, Ee & Williams · arXiv · 2023

An incident response framework for frontier models, covering the correction options available after deployment.

Jakoby · Journal of Cybersecurity and Privacy · 2026

Bridges established cyber incident response standards (NIST SP 800-61r3, NIST AI 600-1, ATLAS, OWASP LLM Top 10) into a generative AI incident response workflow.

Suggest a publication // sourced, relevant, public

This list is curated and deliberately incomplete; it grows as relevant work is published. To suggest a publication, open an issue on GitHub or send it by email with a link to the original source. Listing here is not endorsement: apply the site’s evidence standards to every source.